CVE-2025-24982

Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted...

CVE-2025-24982

The CVE-2025-24982 affects the WordPress plugin Activity Log WinterLock, specifically versions prior to 1.2.5. The vulnerability is a Cross‑Site Request Forgery (CSRF) that can cause log data to be deleted when a logged‑in user views a malicious page. No root cause details beyond CSRF are provide...

CVE-2025-24982

Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted...

JVN#94806805: WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery

WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, the log data may be deleted. Solution Update the plugin Update the plugin according to the information provided by the...